Login

ISC BIND 9 < 9.9.9-P5 / 9.9.9-S7 / 9.10.4-P5 / 9.11.0-P2 Multiple DoS

Medium Nessus Plugin ID 96625

Synopsis

The remote name server is affected by multiple denial of servicevulnerabilities.

Description

According to its self-reported version number, the instance of ISCBIND 9 running on the remote name server is 9.9.x prior to 9.9.9-P5 or9.9.9-S7, 9.10.x prior to 9.10.4-P5, or 9.11.x prior to 9.11.0-P2. Itis, therefore, affected by multiple denial of servicevulnerabilities : - A denial of service vulnerability exists in named due to a flaw that is triggered during the handling of a specially crafted answer packet in a response to an RTYPE ANY query. An unauthenticated, remote attacker can exploit this to cause an assertion failure and daemon exit. Note that this vulnerability affects versions 9.4.0 to 9.6-ESV-R11-W1, 9.8.5 to 9.8.8, 9.9.3 to 9.9.9-P4, 9.9.9-S1 to 9.9.9-S6, 9.10.0 to 9.10.4-P4, and 9.11.0 to 9.11.0-P1. (CVE-2016-9131) - A denial of service vulnerability exists in named in DNSSEC-enabled authoritative servers that is triggered during the handling of a query response that contains inconsistent DNSSEC information. An unauthenticated, remote attacker can exploit this to cause an assertion failure and daemon exit. Note that this vulnerability affects versions 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1. (CVE-2016-9147) - A denial of service vulnerability exists in named due to a flaw that is triggered during the handling of a specially crafted answer that contains a DS resource record. An unauthenticated, remote attacker can exploit this to cause an assertion failure and daemon exit. Note that this vulnerability affects versions 9.6-ESV-R9 to 9.6-ESV-R11-W1, 9.8.5 to 9.8.8, 9.9.3 to 9.9.9-P4, 9.9.9-S1 to 9.9.9-S6, 9.10.0 to 9.10.4-P4, and 9.11.0 to 9.11.0-P1. (CVE-2016-9444) - A denial of service vulnerability exists in named in the nxdomain-redirect functionality that is triggered when handling a specially crafted query. An unauthenticated, remote attacker can exploit this to cause a REQUIRE assertion failure and daemon exit. Note that this vulnerability affects versions 9.9.8-S1 to 9.9.8-S3, 9.9.9-S1 to 9.9.9-S6, and 9.11.0-9.11.0 to P1. (CVE-2016-9778)Note that Nessus has not tested for these issues but has insteadrelied only on the application's self-reported version number.